Increasingly industries and individuals are moving their storage and processing to virtual or cloud environments. This has a variety of advantages, such as: high availability of resources, since access is not tied to any specific device; failover access when a device fails; outsourced management of the resources; and others.
However, this trend is not without its issues, particularly when it comes to security. Nearly every day, the news reports on customer data from a particular enterprise being compromised by hackers. Much of the security issues stems from the use of Virtual Machines (VM) that can be independent of hardware to which they run and that can be extremely portable.
A traditional computing environment includes a variety of security controls, which are noticeably absent from virtual/cloud environments, such as access controls identified as file permissions to protect sensitive data. Hardware specific encryption is even used to sometimes encrypt all data on a particular storage device.
Consider that passwords and other encrypted information are often retained for some period of time in a decrypted format within memory of a VM; to facilitate fast access and seamless motion, the VM will often store memory on disk or a networked device (this stored memory includes decrypted passwords and other secrets). Because the decrypted information resides in files or as a data stream (over the network wires), that information can be modified and/or accessed by external entities. These same entities can also copy the operating VM, or copy the VM as it is migrated across the network. So, even if a situation were detected and the VM was abruptly shut down, this remedy still might not work to protect all the sensitive data because some remnants of the data may still reside in memory in an unprotected or decrypted format.